
"The vulnerability has been assigned the CVE identifier CVE-2026-34621 and a CVSS score of 9.6. The flaw stems from improperly controlled modifications to prototype attributes and can be exploited to execute arbitrary code."
"Li came across the zero-day while analyzing a sophisticated PDF exploit uploaded to Expmon. The exploit he identified was designed to harvest information, but the researcher warned in his initial disclosure that subsequent stages in the exploit chain may include remote code execution and a sandbox escape."
"Based on the analysis of an exploit sample uploaded to VirusTotal, researchers determined that exploitation of CVE-2026-34621 started as early as November 2025. Li indicated that an APT is likely behind the attacks."
Adobe issued emergency patches for a critical zero-day vulnerability, CVE-2026-34621, affecting Acrobat and Reader on Windows and macOS. The flaw allows arbitrary code execution and has a CVSS score of 9.6. The vulnerability was reported by researcher Haifei Li, who discovered it while analyzing a sophisticated PDF exploit. Exploitation began as early as November 2025, with indications of an APT behind the attacks. Malicious PDFs used Russian-language lures related to the oil and gas sector, suggesting targeted exploitation.
Read at SecurityWeek